Full Disclosure mailing list archives

[CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS

From: "xiaotian.wang"<xiaotian.wang () dbappsecurity com cn>
Date: Fri, 20 Jul 2018 14:04:28 +0800

This issue has been reported to the vendor who has already published patches for this issue.
https://www.manageengine.com/products/applications_manager/issues.html


==========================
Advisory:Zoho manageengine Applications Manager Reflected XSSVulnerability
Author: M3 From DBAppSecurity
Affected Version: All
==========================
Proof of Concept:
==========================
/GraphicalView.do?method=createBusinessService"scriptalert(5045)/script


Notice: It can be successfully reproduced under IE.

Attachment: 1111.png
Description:


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Current thread:

[CVE-2018-12996] Zoho manageengine Applications Manager Reflected XSS xiaotian.wang (Jul 20)